AI agents are moving from passive assistants to active participants in the workplace. When connected to email, files, terminals and cloud services, they introduce a new class of security risk that requires governance, not just policies.
A North Korean state-sponsored group backdoored 144 Mastra AI npm packages with a malicious dayjs typosquat. The postinstall hook ran automatically on npm install, exposing developer machines and CI/CD pipelines to credential theft and full system compromise.
AutoJack, FortiBleed, and evolved LLMjacking show AI agents and self-hosted inference are now live attack surfaces. Here's what enterprises need to patch this week.
A major WordPress plugin vulnerability is leaking API keys and OAuth tokens right now. With AI-enabled phishing on the rise, that stolen data is more dangerous than ever.
AI voice agents have evolved into autonomous systems that negotiate bills, cancel subscriptions, and appeal insurance denials on your behalf. Here is how they work and what it means for consumers.
Cybernews researchers have discovered an Elasticsearch database containing 24 billion exposed credentials, including usernames, passwords, and login URLs in plaintext. Here is what it means and how to protect yourself.
More than 160 cybersecurity and AI experts have warned that any US government move to ban or restrict Anthropic's AI models could backfire, creating a technological vacuum that Chinese-backed hackers could exploit.
A new Accenture report shows most organisations are still exposed to AI-augmented threats, while documented campaigns already show AI doing the bulk of large-scale hacking.
An autonomous AI agent found 21 zero-day vulnerabilities in FFmpeg while Chrome patched a record 429 bugs. Here is what that means for every team shipping software today.
Unmonitored AI tools are adding hundreds of thousands of dollars to breach costs. Here is what is actually happening and why your governance gap is the problem.
